For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writings others hate it. If you like it, follow me!

Saturday, April 23, 2016

I have a poster in my office in New Hampshire. Remember the "Beware of Female Spies" poster? I have one framed and hanging in my office.

This morning when I scanned my morning RSS feeds, I found a story about the Chinese warning its young girls not to fall for handsome strangers that might be looking to steal state secrets, and it immediately made me think of the old poster hanging in my office.

The Chinese version of the story starts out with two young girls, followed by what appears to be a dinner date with wine, and ends up showing the girl in handcuffs after both she and David are arrested, and a police officer telling her that she has a shallow understanding of the need to protect state secrets. The caption shown with the comic above reads "David, the red-headed man, should not be trusted."

The comic not only reminded me of the need for OPSEC, but also that intelligence is very personal. David is obviously attempting to collect from a young girl, plying her with compliments, wine, affections and probably a bit of money. He's doing this because he needs information on something specific, from someone specific. And while it's good to know that there are big things that people want to steal from each other, it's more important to the company to know what someone wants to steal from them...

And so we've begun a bit of an overhaul in the way we author our own reports. I talked about Cyberwatch last week, and that's one output --one way that we individualize our reporting to the specific customer. We write daily reports --it includes some open source material, but it starts out with the what's coming for you? and then leads into the broader now here's what's happening around the world... I've challenged my team to write to the individual --make every one of our readers feel like the product was written for them specifically, and to that we've started pushing products to every customer, tailored to them. What kinds of things can you expect from us? Here are a few use cases:

For the enterprise --intelligence for network defense --this is the stuff we write every day. But what about the bigger picture? Here are a few examples of intelligence work we've been doing...

Counter branding

Anti-counterfeit

M&A and Supply Chain assessments

Log analysis

Strategic intelligence --what do you have that someone will want to steal next week?

This is hard stuff folks. There are a ton of intel companies out there, and most collect from the same sources, and you can't swing a dead cat without someone else standing up an EC2 instance with a fancy front end and calling themselves cyber intelligence. But if you really want individualized attention, to whom to you call? You call Wapack Labs. Someone told me two weeks ago "23 people does not an intelligence company make" --but when you're 25 people and you service only a small number of high quality companies, 23 (we'll be 26 by May 1st) is the perfect size.

BT

Need easy to read material for your boss? Check out our TLP WHITE Executive Read Board --now set up on our main website. We put up a simple Wordpress site last year on a whim and it caught on, but we'd heard more and more that there were log-in issues, and my poor old version of Wordfence was taking a beating, so finally, today, we went live on a new TLP WHITE Executive Read Board. Why do we call it the Executive Read Board? My my early days as a shipboard Radioman, we packaged up a daily 'read board' for the old man. Every day, we took the read board up to his cabin and asked that he chop off (initial) every document that he reads. So enjoy. It's priced right --even with a couple of no cost reads per month, and for every story there are indicators in our Threat Recon indicator database. And if you need more, for every indicator there's a report in Red Sky...
Context, depth, indicators. Have a look: